CVE-2012-4587

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

Published: Aug 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-4587
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
mcafee / enterprise_mobility_manager	-	4.7.x
mcafee / enterprise_mobility_manager_agent	-	10.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/78130
https://kc.mcafee.com/corporate/index?page=content&id=SB10021

Vulnerability Database

289,697

CVE-2012-4587